Help on splitting VPN / non-VPN connections and other questions / advice needed

[lollerwaffle]

Just signed up to ask questions, as this forum has been a fantastic resource so far. I am looking for a solution that would meet my objectives below without spending too much money.

First, some background and objectives. I live in China and have a 1000mb down / 100mb up connection from China Telecom. The ISP has provided an all in one modem/router box. I also bought a Asus RT-88U and flashed it with Merlin. As a side note, I think the router might have a faulty 5G radio (can see the 5G signal, lights etc. are all on, but can't connect to it). I am using ExpressVPN. I'm looking to have the option of selecting VPN and non-VPN connections for all my devices, including my TV Box and PC (for gaming etc.).

My current set up:
1. Set up VPN on the router.
2. Using the guide I found on YazFi scripts here, set up a guest network that is routed through the VPN.
3. My PC / smart devices are all connected to the router wirelessly, and I can swap to the guest SSID whenever I need to connect via the VPN.

Issues I'm running into and some questions:
1. Since the router is quite far from my PC, I am getting a less than optimal connection wirelessly, and ping tests to my router show a ping spike that occurs fairly frequently (approx every 5-10 seconds). I want to improve my gaming experience, so I'm wondering if buying extra long ethernet wires would help, or is there anything I can do to get my connection more stable?

2. If I do run a long ethernet cable, does that mean my PC connection goes through the VPN? Is there any way to set it up so that I can choose whether to have the wired connection go through the VPN (and not)?

3. What can I do to fix my 5G radio? As mentioned, I can see it, but can't connect to it on any device.

4. Not sure what to call it, but the non-VPN network is 192.168.2.x, while the VPN IP is 192.168.3.x. How do I set it up so that stuff connected via the VPN ssid and the non-VPN ssid can 'see' each other or recognise that they are on the same network?

5. Re the ping spikes I mentioned, could it be due to the router being faulty? How do I check this?

Any advice is appreciated, thanks in advance!

 

[Xentrk]

Just signed up to ask questions, as this forum has been a fantastic resource so far. I am looking for a solution that would meet my objectives below without spending too much money.

First, some background and objectives. I live in China and have a 1000mb down / 100mb up connection from China Telecom. The ISP has provided an all in one modem/router box. I also bought a Asus RT-88U and flashed it with Merlin. As a side note, I think the router might have a faulty 5G radio (can see the 5G signal, lights etc. are all on, but can't connect to it). I am using ExpressVPN. I'm looking to have the option of selecting VPN and non-VPN connections for all my devices, including my TV Box and PC (for gaming etc.).

My current set up:
1. Set up VPN on the router.
2. Using the guide I found on YazFi scripts here, set up a guest network that is routed through the VPN.
3. My PC / smart devices are all connected to the router wirelessly, and I can swap to the guest SSID whenever I need to connect via the VPN.

Issues I'm running into and some questions:
1. Since the router is quite far from my PC, I am getting a less than optimal connection wirelessly, and ping tests to my router show a ping spike that occurs fairly frequently (approx every 5-10 seconds). I want to improve my gaming experience, so I'm wondering if buying extra long ethernet wires would help, or is there anything I can do to get my connection more stable?

2. If I do run a long ethernet cable, does that mean my PC connection goes through the VPN? Is there any way to set it up so that I can choose whether to have the wired connection go through the VPN (and not)?

3. What can I do to fix my 5G radio? As mentioned, I can see it, but can't connect to it on any device.

4. Not sure what to call it, but the non-VPN network is 192.168.2.x, while the VPN IP is 192.168.3.x. How do I set it up so that stuff connected via the VPN ssid and the non-VPN ssid can 'see' each other or recognise that they are on the same network?

5. Re the ping spikes I mentioned, could it be due to the router being faulty? How do I check this?

Any advice is appreciated, thanks in advance!

For the Wifi signal issue, you can convert an old router to an Access Point (AP) or purchase an AP fairly inexpensively. You can run an Ethernet cable from the main router to the AP to extend the range. 5Ghz has a shorter range than 2.4 Ghz.

You can also use the Policy or Selective Routing features of the OpenVPN Client screen to configure routing rules.

On #4, that may be something to do with the YazFi script. He has a thread you can post questions on. With the routing method built into the firmware, LAN clients that use the WAN and those that use the VPN are in the same subnet.

 

[CaptainSTX]

Not an elegant solution but as an alternative to switching between SSIDs in might be just as easy if you are using Policy based routing in the VPN setup to simply log into the router and change if a device is routed usint the VPN or WAN.

This won't work if you have others in your household that need to have the same flexibility WAN/VPN.

 

[lollerwaffle]

For the Wifi signal issue, you can convert an old router to an Access Point (AP) or purchase an AP fairly inexpensively. You can run an Ethernet cable from the main router to the AP to extend the range. 5Ghz has a shorter range than 2.4 Ghz.

You can also use the Policy or Selective Routing features of the OpenVPN Client screen to configure routing rules.

On #4, that may be something to do with the YazFi script. He has a thread you can post questions on. With the routing method built into the firmware, LAN clients that use the WAN and those that use the VPN are in the same subnet.

Sorry for the late reply. I've been testing a whole bunch of configurations to see what could work for me. Thank you again for the guidance, that's been really useful.

My current planned setup is:

SDN modem router -ethernet-> Asus RT-ac88U (2 SSIDs, one with WAN and guest network VPN) -ethernet-> Google Onhub set as AP (old router I had)

Still thinking about running a cat 6a Ethernet to the PC, but before I buy one, can you tell me if the wired connection will be routed through the VPN by default?

On a related note, will be Onhub work as an AP and will it's connection go through the VPN? I realise this is probably a crappy router to achieve what I'm trying to, so this is likely s temporary meausre until I sell this router and get another one.

I realise that I can also manually route the ethernet connected PC IP address through WAN, and then manually activate VPN software in the PC if I need it. Would this be inefficient?

Also, I have been exploring AI mesh, and seeing if that could be worked into my current setup by buying a cheap Asus router. Any ideas there? Would the mesh be non-VPN?

 

[lollerwaffle]

Not an elegant solution but as an alternative to switching between SSIDs in might be just as easy if you are using Policy based routing in the VPN setup to simply log into the router and change if a device is routed usint the VPN or WAN.

This won't work if you have others in your household that need to have the same flexibility WAN/VPN.

Thanks, that gave me some good ideas and led me down a path of reading about how routing works (see previous post). Unfortunately I think your solution might not work for me as I need the flexibility on most devices to go through the VPN and WAN when needed.